Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by quinn_project
CVE-2024-45311 (GCVE-0-2024-45311)
Vulnerability from cvelistv5 – Published: 2024-09-02 16:45 – Updated: 2024-09-03 14:04
VLAI
Title
Denial of service in quinn-proto when using `Endpoint::retry()`
Summary
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/quinn-rs/quinn/security/adviso… | x_refsource_CONFIRM |
| https://github.com/quinn-rs/quinn/commit/e01609cc… | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/blob/bb02a12a84… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| quinn-rs | quinn |
Affected:
>= 0.11.0, < 0.11.7
|
|
| quinn_project | quinn |
Affected:
0.11.0 , < 0.11.7
(custom)
cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "quinn",
"vendor": "quinn_project",
"versions": [
{
"lessThan": "0.11.7",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45311",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:01:33.229542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:04:46.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quinn",
"vendor": "quinn-rs",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server\u0027s `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn\u0027t exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:45:39.465Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8"
},
{
"name": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f"
},
{
"name": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213"
}
],
"source": {
"advisory": "GHSA-vr26-jcq5-fjj8",
"discovery": "UNKNOWN"
},
"title": "Denial of service in quinn-proto when using `Endpoint::retry()`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45311",
"datePublished": "2024-09-02T16:45:39.465Z",
"dateReserved": "2024-08-26T18:25:35.444Z",
"dateUpdated": "2024-09-03T14:04:46.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42805 (GCVE-0-2023-42805)
Vulnerability from cvelistv5 – Published: 2023-09-21 16:39 – Updated: 2024-09-24 15:03
VLAI
Title
quinn-proto Denial of Service vulnerability
Summary
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/quinn-rs/quinn/security/adviso… | x_refsource_CONFIRM |
| https://github.com/quinn-rs/quinn/pull/1667 | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/pull/1668 | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/pull/1669 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| quinn-rs | quinn |
Affected:
< 0.9.5
Affected: >= 0.10.0, < 0.10.5 |
|
| quinn_project | quinn |
Affected:
0 , < 0.9.5
(custom)
Affected: 0.10.0 , < 0.10.5 (custom) cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1667",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1667"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1668",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1668"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1669",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1669"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "quinn",
"vendor": "quinn_project",
"versions": [
{
"lessThan": "0.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "0.10.5",
"status": "affected",
"version": "0.10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:49:07.069105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:03:39.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quinn",
"vendor": "quinn-rs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.5"
},
{
"status": "affected",
"version": "\u003e= 0.10.0, \u003c 0.10.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T16:39:56.350Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1667"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1668",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1668"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1669",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1669"
}
],
"source": {
"advisory": "GHSA-q8wc-j5m9-27w3",
"discovery": "UNKNOWN"
},
"title": "quinn-proto Denial of Service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42805",
"datePublished": "2023-09-21T16:39:56.350Z",
"dateReserved": "2023-09-14T16:13:33.307Z",
"dateUpdated": "2024-09-24T15:03:39.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28036 (GCVE-0-2021-28036)
Vulnerability from cvelistv5 – Published: 2021-03-05 08:38 – Updated: 2024-08-03 21:33
VLAI
Summary
An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://rustsec.org/advisories/RUSTSEC-2021-0035.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T08:38:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28036",
"datePublished": "2021-03-05T08:38:51.000Z",
"dateReserved": "2021-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:17.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}